NSE 6 – FortiAuthenticator 6.1 — Question 2

What happens when a certificate is revoked? (Choose two.)

Answer options

• A. External CAs will periodically query FortiAuthenticator and automatically download revoked certificates
• B. Revoked certificates are automatically added to the CRL
• C. All certificates signed by a revoked CA certificate are automatically revoked
• D. Revoked certificates cannot be reinstated for any reason

Correct answer: B, C

Explanation

The correct answer B indicates that revoked certificates are listed on the Certificate Revocation List (CRL), which is essential for informing users about certificates that should no longer be trusted. Answer C is also correct because when a CA certificate is revoked, all certificates it has signed are inherently invalidated as well. Options A and D are incorrect; external CAs do not automatically download revoked certificates from FortiAuthenticator, and revoked certificates can sometimes be reinstated under specific conditions.